Thank You PASS DBA Virtual Chapter

Yesterday I was able to do my first webcast, a presentation for the PASS DBA Virtual Chapter.   A Big Thank You to Idera for being the Webcast Sponsor!  Go check them out they are a great SQL Community Member, and a Sponsor of user groups and SQL Saturday Events.  I want to Thank everyone who was able to take time away from work, or during, to attend.  I would also like to thank Sharon & PASS for having me present.  Last but not least I would like to say a big Thank You to Mike Clark for being my Presenter, he made the experience super easy, and was a pleasure to work with!  Mike You rock!

So Dear Reader, the topic at hand was Compression.  I did my presentation that will be part of the up-coming SQL Rally, May 11th - May 13th, in Beautiful Orlando FL.  We have an amazing line-up of SQL Proffesionals throughout the industry that will be on hand.   And for the cost of less than $500 (if you sign up now and that is INCLUDING the Pre-Con)!

DECK & SCRIPTS

My Deck & Scripts were the same that I've used before but I wanted to post them for download, in case anyone would like to use compression.  I want them to have all the tools they need to get started.

Get my Slide Deck Here.

And all the Demo's Here.

QUESTIONS
A Question was asked after the presentation, forgive me if I butcher it, But the main idea was as follows.

 "I've compressed all of the tables in my database, my CPU is below 40%, are there any KNOWN issues with this?  And what do you recommend?"

There is always a case that will be the exception of the rule.  I would not recommend compression your entire database, just like I would not recommend compressing the entire contents of your C Drive.  Sure you'll save some space, but your performance will go down hill because of the overhead.

When you look through the Demo's there is an order that I like to suggest people go through.

1. Look at the Size of your Tables.
2. Look at the Makup of your Tables Allocation Unit's (Only IN_ROW_DATA Compresses)
3. Look at your Scan & Update pattern usage, this will help determine the type of Compression you should use.
4. GET A BASELINE!!! Look at your Table and/or Indexes Size, I/O's, CPU, and Runtime Before.  Then Look at them After.  Do a comparison.   If anything has changed for the negative, then perhaps you shouldn't be using Compression on that Table and/or Index.

It is possible that someone out there has a system that could benefit from every table being compressed, It's not outside of the realm of possibilities.  However, I would wager that would be a very Rare Scenario.

Compression is like Indexes, used properly it is a beautiful thing, but too much can tank your performance.

Thank's Again to everyone who could make the Presentation, I hope you are motivated to go to SQL RALLY!

Thanks,

Brad

PASS DBA Virtual Chapter: SQL Rally Preview

On March 23rd at 12 noon Eastern Coast Time, I'll be hosting the PASS DBA Virtual Chapter meeting, Click Here to for the DBA Virtual Chapter webpage that has the Live Meeting Link.

This presentation is sponsered by the Good People over at Idera, and has a sponsor based presentation, here's a little info on that.

"Bullett Manale, a sales engineering manager at Idera, will present various use-case scenarios for utilizing virtual databases. A virtual database is a software implementation of a database that allows for data and storage and retrieval but exploits the backup files rather than the data base itself."




I'll be presenting my SQL Rally Topic, Page & Row Compression How, When, and Why, I'll be changing up some of the Demo's a bit, so if your free hop in and get a preview for SQL Rally.


I've blogged about this topic in relation to my Presentations, and I'm getting to the point that I just need to do a Series on it.  But until that Series Dear Reader, if your curious to read a little more here are some of my previous posts on the topic.

Vote For SQL Rally! And Why you should vote for Page and Row Compression.

Thank You MagicPASS, A Compression Recap

Happy Reading and I hope to see you online.

Thanks,


Brad

Thank You OPASS! Transparent Data Encryption Recap

At the start of March I had the great pleasure of being the opening DBA shot for the OPASS meeting.  Microsoft MVP Ken Tucker was the main act giving us an inside look at Silverlight MVVM Framework.

Going to OPASS is like going to the Oscar’s, the stars in the audience are part of the treat!  Everyone had great questions, and they were very interactive.  Jack Corbett (blog | twitter) and Karla Landrum (twitter) had a wonderful venue, Rikka Asian Bistro, for the OPASS meeting.

During my Talk I had promised to post my slide deck and the script that I used for my Demo, so I wanted to do that right off the bat.

Slide Deck – OPASS Transparent Data Encryption: The Lightning Round

Demo for the presentation

DEMO RECAP

So Dear Reader during the talk we covered a couple things.  We covered Why you should use Transparent Data Encryption (TDE), How to setup TDE, how to Disable TDE, and the effects TDE has on your backup and recovery Strategy, the slide deck and demo’s are attached so I’ll let you go through those on your own I’m just going to cover things from a logical level.  We’ll step through each of those, and then we’ll get to some advanced scripts on how to self manage certificates for TDE.

WHY?

Here is a slide from my deck, and this is the best reason why, if you are a DBA long enough eventually you will find yourself in a situation where a backup is lost, something will get stolen, or something will get hacked.  TDE will not save you from every scenario, but what it will do is make so when you are in this situation you have one more level of protection. 

“But Balls,” you say “This only covers your back-side as the DBA, why would my Boss care about this when it’s me on the line?”   

Well Dear Reader yes it is our back-side on the line, but so is our Boss’s, and the companies.  If you take the point of view of Jerry Macgwire “help me, help you. HELP ME, HELP YOU!”. 

Don’t go and yell at your boss, but you should know them well enough to know to find an approach that they will respond to.  If its ROI, bring up how much companies lose in money because of incidents like these, and future loss of customers profit if customer’s confidence in the business is shaken. 

HOW TO TURN IT ON

Get your minds out of the gutter J.  Turning on TDE is very easy we just follow 4 easy steps

1. In the Master Database Create a Master Key
2. In the Master Database Create a Certificate
3. In the User Database to be Encrypted Create a Database Encryption Key
4. Alter the User Database and Set Encryption On

It’s that easy.  After step 4 an encryption scan will begin on the database.  It is safe for user activity.  The only things you cannot do is alter the database at the Filegroup level.  No dropping, no adding.  While you are encrypting your database, It’s probably not the best time to be doing changes to the underlying file structure, (one thing at a time!).

Keep in mind that the second the 1^st user database becomes encrypted with TDE the TempDB will be encrypted as well.

TURNING IT OFF

“So Balls”, you say, “I turned TDE on my DEV system, did a demo for my boss, we’re not going to use it, how do I turn it off!”  We’ll Dear Reader it is pretty simple.

1. Alter All user databases and Set Encryption Off
2. Drop the Database Encryption Key for each User Database that was encrypted
3. (To Unencrypt the TempDB)-Restart the SQL Service
4. *DO NOT DROP THE CERTIFICATE

BACK THAT THANG DATABASE UP

When you turn on TDE it affects all Datafiles at rest.  All Data Files, Log Files (only the VLF’s utilized while TDE was turned on), snapshot files, and backup files.  So here are the things to consider.

If you turn on TDE on your Prod system, and you want to do a data refresh to your Dev or Staging environments you will need to restore a copy of the Certificate used to encrypt your Prod databases to your Dev or Staging server where the restore will take place.

If you want to use Log Shipping or Database Mirroring you will need to have the Certificate you use on your Primary or Principal Server on your Secondary or Mirror Server.

So if you have a Database using TDE, if you are using a technology that uses Restore and Recovery then you will need a copy of the Certificates on each SQL Instance where a copy of the Database will reside.

Now keep in mind this doesn’t mean you can’t move data around.  TDE works with data at rest.  That means that if you BCP data out of the database it is in an unencrypted state.  You don’t need to have a copy of the Certificates in your destination. 

So how does this effect your recovery strategy?  You need to backup your Certificates regularly.  You need to make sure that you plan for them like you do your backups.  If you sweep your backups to tape you’ll want to sweep your certificates to tape.  If you back up your databases to disk, backup your certificates to disk.  Keep redundant copies.  If you ever have to restore your database to a different server you will need them. 

I’ll be doing covering Key Management in my next post but all of the scripts you will need are in the download.

Each of these scripts need a little tweeking, but all the information is there.

Local DB, function, table, and encryption.sql (Sets Up a local DB, and TDE, to store passwords used in later scripts)

backup tde certificates.sql (T-SQL Script to automate certificate backups)

delete old TDE certificates.sql (T-SQL Script to automate certificate clean up)

Hope these get you on your way to learning how to use TDE!

Thanks,

Brad